Wednesday, April 15, 2009

PI License for Forensic Work in Texas Revisited

I've talked about the ongoing debate about requiring Private Investigator licenses for people doing computer forensic work before.  I've also talked specifically about the requirements in Texas because of the unintended consequences that came of it.  See Texas screws the pooch even harder for more details.


The SANS Forensic blog is reporting on some changes to the Texas Requirements that people performing computer forensics get private investigator licenses.  A bill has been introduced in Texas to amend the Business & Commerce Code to define what a "Computer data recovery specialist", "Computer forensic analyst", and a "Computer technician" is.  The bill also makes changes to the Occupations code and changes the licensing requirements for some computer work based on the definitions that were added to the Business & Commerce Code.  You can find the bill here: http://www.legis.state.tx.us/tlodocs/81R/billtext/pdf/HB02564I.pdf and the law currently in place here: http://tlo2.tlc.state.tx.us/statutes/docs/OC/content/pdf/oc.010.00.001702.00.pdf


I am not a lawyer, but I can read fairly well so here is what I think is going on.  Don't take any legal advise from me though.  Let's start with those definitions.  


Computer data recovery specialist: dude that recovers data, but not for evidentiary purposes.


Computer forensic analyst: dude that acquires data, or dude that analyzes data acquired by someone else for the purpose of providing evidence in actual or potential civil or criminal proceedings.


Computer technician: dude that repairs computers, including the software.


The first change in the way we do business also comes in the Business and Commerce Code.  Section 107.002 of the proposed amendment requires all three of those people defined above to get a statement before they perform any work on a computer.  That statement basically would say that the facts presented in the work order are true and that the computer being analyzed has been legally obtained.  In other words, it is being presented for work by the owner or it has been authorized by a court of law (think search warrant).  Forensic analysts and computers technicians do not need this if they are working on their employers computer.


OK.  So far things seem fair.  I know that lawyers are able to take straight forward sentences and make them mean something else, but I would say that I agree with the spirit of the changes so far.  I don't think it is terribly burdensome to make people sign off that they own or have legally acquired the data they are asking someone to analyze.  Under the proposed changes, not getting these statements is a class C misdemeanor.  Under Texas penal code, Title 3, Chapter 12, Subchapter A Section 12.03 (c) "Conviction of a Class C misdemeanor does not impose any legal disability or disadvantage."  Section 12. 23 states that "An individual adjudged guilty of a Class C misdemeanor shall be punished by a fine not to exceed $500."  http://tlo2.tlc.state.tx.us/statutes/docs/PE/content/htm/pe.003.00.000012.00.htm


Next we should look at the changes being made to the Occupations code.  First, we should look at the easy to understand stuff.  Section 1702.104 is getting a subsection C and D added onto it, and some changes to subsection B.  Subsection D is really easy to understand.  The repair or maintenance of a computer does not constitute and investigation for purposes of this section ad doesn't require a license as long as the technician isn't gathering evidence.  The change to subsection B is pretty easy to grasp too.  It says "all the language that is in here now stays, but we're making exceptions for the stuff written in subsection C and D.


So that leaves us with the change to subsection C.  So now we need to look at the current law on the books and kind of understand what section 1702.104 says.  The whole chapter talks about the licensing requirements of various people, include investigations companies.  According to section 1702.104 a person acts as an investigations company if they are engaged in the business of obtaining information related to crimes, or locations of stolen property, or the general information about a person.  Subsection B of 1702.104 specifically calls out computer forensic.  It says that doing any of that investigating I talked about above includes investigation of computer-based data not available to the public.    Remember that the bill introduced leaves subsection B as it is but says that there are two exceptions which are listed in section C and D (computer repair man).  Section C says that obtaining and furnishing information does not include obtaining for furnishing computer data by a forensic analyst as defined up above in the Business & Commerce Code.  That kind of work does not require a license under this chapter.  Chapter 1702 of the Occupations code relates to private security and the licensing necessary to act in those job roles.  So the proposed bill makes it so that forensic analysts and computer repair people are not being lumped into the same requirements as private investigators, people that install security alarm systems, armored car drivers, etc.


The definitions that are applied here are pretty specific to computer forensics though.  I wonder if a forensic accountant would be required to get a private investigators license to do business in Texas.  Overall, I am happy with the changes if I am reading them correctly.  It removes the requirement that you have to qualify as a private investigator before you can analyze a hard drive which I think is asinine.  It puts some very reasonable restrictions on the practice of forensics (requiring a signed statement of ownership) and it leaves the door open for other requirements to be imposed on digital forensic analysts that actually pertain to the work they do.  


I want to be clear that I am not opposed to having some licensing requirements for forensic analysts.  I think that requiring someone to have some number of hours of experience before they can work unsupervised or present their findings in court is reasonable.  Requiring 6000 hours of experience as a highway patrolman pulling over speeders shouldn't be sufficient to be licensed as a digital forensic expert...just like 6000 hours of being a digital forensic expert shouldn't qualify you to be a private investigator.  I'm not opposed to background checks or requiring analysts to carry errors and omissions insurance.  All I want to see is that if states are going to impose some licensing requirements on digital forensic analysts those licensing requirements should be relevant to the work they do. 

No comments: